[keycloak-user] IDP SAMLV2.0 with Salesforce
Marek Posolda
mposolda at redhat.com
Mon May 4 08:36:31 EDT 2015
Yeah, that worked for me. Localhost is also used in the example
instructions
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce+as+SP .
AFAIR Salesforce interacts with IDP just through browser redirects, not
backchannel requests. So localhost is not a problem.
Marek
On 4.5.2015 13:59, Bill Burke wrote:
> Hey, do you know if Salesforce as an SP works if the IDP is localhost?
> Or did you have to test that outside a firewall?
>
> On 5/4/2015 3:03 AM, Marek Posolda wrote:
>> As far as I remember, it could be the certificate in CRT format exported
>> from keystore file via "keytool -export" . At least that's what worked
>> for me couple of years back when I did integration of Salesforce with
>> Picketlink:
>> https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce+as+SP
>>
>>
>>
>> Marek
>>
>> On 30.4.2015 17:39, Bill Burke wrote:
>>> I set up a salesforce example and looked at the login response SAML
>>> document. Looks like no assertion data is being sent back at all by
>>> salesforce.
>>>
>>> On 4/30/2015 9:43 AM, Bill Burke wrote:
>>>> i have no idea. Basically this error is stating that the login
>>>> response
>>>> saml document has no assertions within it. If there are no
>>>> assertions,
>>>> then there has been no identity data sent.
>>>>
>>>> I'm looking now, but can you send me a link on how to set up
>>>> Salesforce
>>>> as an IDP? Is one able to set up a free account and such?
>>>>
>>>> On 4/30/2015 9:25 AM, Henk Laracker wrote:
>>>>> Hi Bill,
>>>>>
>>>>> I don¹t know why I missed that, thanks! Salesforce respons know with
>>>>> the
>>>>> correct login page. After logging in in Salesforce, I¹m redirected to
>>>>> keycloak again with a internal error:
>>>>>
>>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException:
>>>>> Could not
>>>>> process response from SAML identity provider.
>>>>> at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpo
>>>>>
>>>>>
>>>>> int.java:299)
>>>>> at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoi
>>>>>
>>>>>
>>>>> nt.java:343)
>>>>> at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169
>>>>>
>>>>>
>>>>> )
>>>>> at
>>>>> org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
>>>>>
>>>>>
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>> [rt.jar:1.8.0_45]
>>>>> at
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:6
>>>>>
>>>>>
>>>>> 2) [rt.jar:1.8.0_45]
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
>>>>>
>>>>>
>>>>> l.java:43) [rt.jar:1.8.0_45]
>>>>> at java.lang.reflect.Method.invoke(Method.java:497)
>>>>> [rt.jar:1.8.0_45]
>>>>> at
>>>>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:1
>>>>>
>>>>>
>>>>> 37) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>> at
>>>>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethod
>>>>>
>>>>>
>>>>> Invoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>> at
>>>>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.
>>>>>
>>>>>
>>>>> java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>> at
>>>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resourc
>>>>>
>>>>>
>>>>> eLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>> at
>>>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoke
>>>>>
>>>>>
>>>>> r.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>> at
>>>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resourc
>>>>>
>>>>>
>>>>> eLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>> at
>>>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoke
>>>>>
>>>>>
>>>>> r.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>> at
>>>>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.
>>>>>
>>>>>
>>>>> java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>> ... 39 more
>>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No
>>>>> assertion from response.
>>>>> at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.jav
>>>>>
>>>>>
>>>>> a:309)
>>>>> at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpo
>>>>>
>>>>>
>>>>> int.java:264)
>>>>> ... 54 more
>>>>>
>>>>> Any idea?
>>>>>
>>>>> Henk
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 30/04/15 14:31, "Bill Burke" <bburke at redhat.com> wrote:
>>>>>
>>>>>> You want to chain keycloak server to Salesforce?
>>>>>>
>>>>>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>>>>>> Salesforce, you;ll see after you create it, an Export button. Click
>>>>>> that. That will create an entity descriptor with all the
>>>>>> information
>>>>>> you need.
>>>>>>
>>>>>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I like to use Salesforce as Identity Provider, the metadata
>>>>>>> provided by
>>>>>>> salesforce can be imported.
>>>>>>> But I need to specify the Service Provider in salesforce, I have
>>>>>>> to fill
>>>>>>> in a couple of fields, but two of them I don¹t understand (and are
>>>>>>> mandatory). Does someone have any clue
>>>>>>>
>>>>>>> 1. entity id , remark of salesforce : get this value from your
>>>>>>> serviceprovider
>>>>>>> 2. ACS URL, remark of slaesforce : The assertion consumer
>>>>>>> service. Get
>>>>>>> this value from your service provider.
>>>>>>>
>>>>>>> I have tried a lot of values but every-time I click the saml
>>>>>>> button on
>>>>>>> my app, it redirects to salesforce but I get a page with the
>>>>>>> error :
>>>>>>> Error: Unable to resolve request into a Service Provider
>>>>>>>
>>>>>>> Henk
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>> --
>>>>>> Bill Burke
>>>>>> JBoss, a division of Red Hat
>>>>>> http://bill.burkecentral.com
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
More information about the keycloak-user
mailing list